news
Security Patches, News, Analysis
-
Security Week ☛ Google Warns of New Campaign Targeting BPOs to Steal Corporate Data
Tracked as UNC6783, the threat actor is likely linked to Mr. Raccoon, the hacker behind the alleged theft of Adobe data from a BPO.
-
Tom's Hardware ☛ 10 petabytes of sensitive data stolen from China's National Supercomputing Center, hackers claim — daring heist would be largest ever China hack, covering 6,000 clients across science, defense, and beyond
Hacker or hacker group steals secret data concerning aerospace engineering, bioinformatics, fusion modeling from China's National Supercomputing Center.
-
Security Week ☛ Google API Keys in Android Apps Expose Gemini Endpoints to Unauthorized Access
Dozens of such keys can be extracted from apps’ decompiled code to gain access to all Gemini endpoints.
-
LWN ☛ Security updates for Thursday
Security updates have been issued by Debian (firefox-esr, postgresql-13, and tiff), Fedora (bind, bind-dyndb-ldap, cef, opensc, python-biopython, python-pydicom, and roundcubemail), Slackware (mozilla), SUSE (ckermit, cockpit-repos, dnsdist, expat, freerdp, git-cliff, gnutls, heroic-games-launcher, libeverest, openssl-1_1, openssl-3, polkit, python-poetry, python-requests, python311-social-auth-app-django, and SDL2_image-devel), and Ubuntu (dogtag-pki, gdk-pixbuf, linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gcp-5.15, linux-gke,
linux-gkeop, linux-ibm, linux-ibm-5.15, linux-intel-iotg,
linux-nvidia-tegra-igx, linux-oracle, linux-oracle-5.15, linux-raspi,
linux-xilinx-zynqmp, linux-aws-6.8, linux-gcp-6.8, linux-hwe-6.8, linux-ibm-6.8,
linux-lowlatency-hwe-6.8, linux-fips, linux-aws-fips, linux-gcp-fips, linux-oracle, linux-oracle-6.17, linux-raspi, linux-realtime, openssl, and squid).
-
Pen Test Partners ☛ You can pen test OT networks without breaking them
There is a widely held belief that penetration testing Operational Technology networks is impossible. That simply connecting a laptop to a network will take down everything.
-
Security Week ☛ Adobe Reader Zero-Day Exploited for Months: Researcher
Reputable researcher Haifei Li has come across what appears to be a PDF designed to exploit an unpatched vulnerability.
-
Security Week ☛ Palo Alto Networks, SonicWall Patch High-Severity Vulnerabilities
The bugs could allow attackers to modify protected resources and escalate their privileges to administrator.
-
Rethinking Linux security operations
For most organizations, Linux security didn’t become complicated overnight. It became complicated one tool at a time.
Vulnerability scanning arrived to solve one problem. Compliance tooling came next. Configuration hardening scripts followed. Performance monitoring lived elsewhere, owned by a different team, with different priorities. Each solution made sense in isolation. Together, they created a fragmented operational reality defined by multiple dashboards, logins, agents, and handoffs.
This fragmentation has quietly become one of the biggest obstacles to effective Linux security.